Earlier this week, details emerged about a new vulnerability in WPA2, the latest encryption standard used to secure WiFi traffic. This is especially alarming because the attack, known as KRACK (Key Reinstallation Attack), affects all variants of the WPA2 protocol, including Enterprise, which is considered to be the most secure form of WiFi transmission.
In practice, the KRACK attack makes it possible to steal private credentials and information, such as credit card numbers, usernames, passwords, chat messages and so on, that were assumed to be kept secret through encryption. It also allows the injection of malicious payloads, including malware and ransomware, into normal traffic.
There are a few steps that you can follow to ensure you’re not affected by this attack while vendors work on releasing patches for routers, mobile devices and operating systems.
- Be aware of when a site is using HTTPS and look for a green lock symbol next to the URL in the address bar of sites you visit. This attack breaks the WiFi encryption, and while you may not see a warning, a missing padlock is a sign that what you’re entering is not secure.
- Keep your mobile devices and computers updated. There will be updates from most major vendors shortly that address this and other security vulnerabilities.
- Consider using a VPN while on public or untrusted networks. A VPN (Virtual Private Network) encrypts your traffic from your local device to its endpoint, which could be your office, home or a third-party VPN service.
- Turn off your WiFi. If you have a cellular device and need to check your bank account or send a sensitive email, disable your WiFi while you do so. Don’t forget to re-enable it so you don’t run up data charges!